Minoru:
> Could you open the ticket for me? I am a new contributor and I do not
> know how this works.
I think that we should instead open a ticket on the Electrum tracker and
have this problem fixed at its root once and for good.
It should go like this:
Supporting Tor hidden services in the Electrum server pool
----------------------------------------------------------
- Tails is aware and worried about the "Bitcoin over Tor isn't a good
idea" attack.
- Mitigation technique would be to connect to Electrum server behind
hidden services (and we already have a good list of these).
- To achieve this we could have:
- The Electrum server pool support the addition of hidden services.
- Have Electrum connect to a mix of clearnet and Tor Electrum
servers when run behind Tor. Could that be a --tor option to the
Electrum command line?
Minoru, if that makes sense to you, do you mind creating this ticket and
taking care of it on
https://github.com/spesmilo/electrum/issues?
> I already proposed writing more documentation about the problem. Look
> through my emails with the title “Electrum doc wrt. avoiding the
> negative effects of DoS [was: Re: Article: Bitcoin over Tor isn't a
> good idea].” I was told that I should write the documentation in the
> Electrum Wiki [https://electrum.orain.org/wiki/Main_Page] which I do
> not think is a good idea because this problem is specific to Tails.
>
> I love bitcoin, but including it in Tails was premature. This
> technology is revolutionary, but even the top bitcoin developers will
> tell you that it is still experimental. Tor works with viewing websites
> with HTTPS/SSL, but it is not designed for the bitcoin protocol.
> Bitcoin is especially unsuited for Tails because using it in the most
> decentralized or secure way requires a lot of persistent diskspace.
> Since it is already installed, you have three options:
> 1. Remove Electrum from Tails. Many users have already transferred
> money to their wallets in Tails. I am not sure how you would transition
> away from including this software. Also, it makes Tails look bad.
> 2. Keep Electrum installed in “the world's most secure operating system”
> with a major vulnerability. It is unlikely that there will be a simple
> solution for all users anytime soon.
I think it's worth trying to get Electrum to support hidden services in
their pool and see how this goes.
> 3. Test my solution. I understand that the developers are busy and I
> wish that I could contribute more, but this option seems like the
> best option to me.
I think that documenting an issue and its workarounds won't solve it in
this case, because the issue that we are trying to address here is
invisible to the careless user. It's not an obscure error message that
you google to be able to understand it. It's something you might be
fooled into without realizing it. So you're solution would require every
possible Electrum user in Tails to read the doc, understand it, and
apply your workarounds carefully. Given how frequently we receive
support requests regarding basic and well-documented features of Tails,
I can tell you that people reading our doc are a minority (and
especially when they don't notice they're having a problem).
--
sajolida
